public inbox for linux-newbie@vger.kernel.org
* SOLVED: Some users locked out of ssh and sftp?
  2005-03-14 21:54 Eve Atley
@ 2005-03-15  0:01 ` Eve Atley
  2005-03-15  0:06   ` Ray Olszewski
  0 siblings, 1 reply; 9+ messages in thread
From: Eve Atley @ 2005-03-15  0:01 UTC (permalink / raw)
  To: 'Ray Olszewski', linux-newbie


First, I had 'user account is locked'.

Second, once I logged in via the linux box, using 'ssh -l manik
192.168.10.57', it created a new .Xauthority file, apparently.

And they're in.

- Eve


-
To unsubscribe from this list: send the line "unsubscribe linux-newbie" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.linux-learn.org/faqs


* Re: SOLVED: Some users locked out of ssh and sftp?
  2005-03-15  0:01 ` SOLVED: " Eve Atley
@ 2005-03-15  0:06   ` Ray Olszewski
  2005-03-15 16:16     ` Eve Atley
  0 siblings, 1 reply; 9+ messages in thread
From: Ray Olszewski @ 2005-03-15  0:06 UTC (permalink / raw)
  To: linux-newbie

At 07:01 PM 3/14/2005 -0500, Eve Atley wrote:

>First, I had 'user account is locked'.
>
>Second, once I logged in via the linux box, using 'ssh -l manik
>192.168.10.57', it created a new .Xauthority file, apparently.
>
>And they're in.

I hope your problem is solved ... but I'd encourage you to keep an eye on 
this, at the least.

.Xauthority should have no connection with ssh logins ... and I just 
verified that the one host where I have an account but no .Xauthority file 
(this file derives from running X sessions, as you might guess from the 
name, so is present on my workstations) connects just fine with Winscp.

I don't know what "user account is locked" means, possibly because I don't 
know the context in which you got that message.



* Re: SOLVED: Some users locked out of ssh and sftp?
@ 2005-03-15  9:23 ` Donald Duckie
  2005-03-15 13:49   ` SOTL
                     ` (2 more replies)
  0 siblings, 3 replies; 9+ messages in thread
From: Donald Duckie @ 2005-03-15  9:23 UTC (permalink / raw)
  To: linux-newbie


I got this error message as shown below  . . . 
How do I change the /root/.ssh/known_hosts file?
It seems encrypted . . .


@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
23:52:d4:e8:6a:75:72:ed:78:cb:31:1f:6a:ff:b4:ea.
Please contact your system administrator.
Add correct host key in /root/.ssh/known_hosts to get rid of this message.
Offending key in /root/.ssh/known_hosts:7
RSA host key for 192.168.0.1 has changed and you have requested strict checking.
Host key verification failed.



* Re: SOLVED: Some users locked out of ssh and sftp?
  2005-03-15  9:23 ` SOLVED: Some users locked out of ssh and sftp? Donald Duckie
@ 2005-03-15 13:49   ` SOTL
  2005-03-15 14:54   ` chuck gelm
  2005-03-15 16:02   ` Ray Olszewski
  2 siblings, 0 replies; 9+ messages in thread
From: SOTL @ 2005-03-15 13:49 UTC (permalink / raw)
  To: Donald Duckie; +Cc: linux-newbie

On Tuesday 15 March 2005 04:23, Donald Duckie wrote:
> I got this error message as shown below  . . .
> How do I change the /root/.ssh/known_hosts file?
> It seems encrypted . . .
>
>
> @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
> @    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
> @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
> IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
> Someone could be eavesdropping on you right now
> (man-in-the-middle attack)!
> It is also possible that the RSA host key has just
> been changed.
> The fingerprint for the RSA key sent by the remote
> host is
> 23:52:d4:e8:6a:75:72:ed:78:cb:31:1f:6a:ff:b4:ea.
> Please contact your system administrator.
> Add correct host key in /root/.ssh/known_hosts to get
> rid of this message.
> Offending key in /root/.ssh/known_hosts:7
> RSA host key for 192.168.0.1 has changed and you have
> requested strict checking.
> Host key verification failed.
>
I posted this to you several days ago.

The file you are seeking is located in the computer you are logging in FROM, not 
the server.

Look at my previous message:

Hi All

I just spent half a day trying to fix this problem on the wrong computer. In 
justification of the time, I was not using SSH directly but fish, which uses 
SSH, so I was not getting the error messages. Once I tried connecting using 
SSH I fixed the problem in 5 minutes.

In Linux SSH has a computer verification file for computers that have 
permission to log in at /home/<user>/.ssh/known_hosts:2

Explanation. I trashed the HD in one box [a test box with no data in it]. 
After reinstallation of the HD & configuration I found that I could SSH from 
the new system but could not SSH from computers which had previously 
connected to the box with the new HD and system. 

I removed the contents of the above file, saved, and was able to immediately log in.

Hope this helps.

Frank

* Re: SOLVED: Some users locked out of ssh and sftp?
  2005-03-15  9:23 ` SOLVED: Some users locked out of ssh and sftp? Donald Duckie
  2005-03-15 13:49   ` SOTL
@ 2005-03-15 14:54   ` chuck gelm
  2005-03-15 16:02   ` Ray Olszewski
  2 siblings, 0 replies; 9+ messages in thread
From: chuck gelm @ 2005-03-15 14:54 UTC (permalink / raw)
  To: Donald Duckie; +Cc: linux-newbie

Donald Duckie wrote:
> I got this error message as shown below  . . . 
> How do I change the /root/.ssh/known_hosts file?
> It seems encrypted . . .

Hi, Donald:

  The file is not encrypted, but it contains an encryption key for
each remote hostname.  There is a line for each 'ssh' host that
you have successfully connected.  If the remote 'host' has changed
its encryption key and you already have a line with the old
encryption key, 'ssh' will fail with that message.

Solution:

  Use a 'text' editor and open /root/.ssh/known_hosts.
Delete the line that starts with the remote hostname.
Save and exit.  (or 'rm known_hosts')

'ssh' to that hostname.
Answer 'yes' when prompted.

HTH, Chuck


* Re: SOLVED: Some users locked out of ssh and sftp?
  2005-03-15  9:23 ` SOLVED: Some users locked out of ssh and sftp? Donald Duckie
  2005-03-15 13:49   ` SOTL
  2005-03-15 14:54   ` chuck gelm
@ 2005-03-15 16:02   ` Ray Olszewski
  2005-03-15 16:14     ` Eve Atley
  2 siblings, 1 reply; 9+ messages in thread
From: Ray Olszewski @ 2005-03-15 16:02 UTC (permalink / raw)
  To: linux-newbie

Is this still you, Eve, just from a different e-mail address? Or is this 
someone new with (almost) the same problem as Eve?

At 01:23 AM 3/15/2005 -0800, Donald Duckie wrote:

>I got this error message as shown below  . . .
>How do I change the /root/.ssh/known_hosts file?
>It seems encrypted . . .

Chuck identified the right first-pass fix here. To expand a bit: go into 
the known_hosts file (on the client end, NOT the server end), find the 
entry for the target sshd server's system (at the START of each long entry 
is one or more identifiers, which could be hostnames, FQDNs, or IP 
addresses ... look for 192.168.0.1) and simply delete it. Then your ssh 
client will see the connection attempt as a first connection to a new host 
and ask you to confirm it manually ... at which point it will do the 
required update to known_hosts for you.

The above may not work in your setup, though; as I read the man page, it is 
unclear how ssh handles new connections when set to "StrictHostKeyChecking 
Yes". If this does NOT work, I suggest a second approach below.


>@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
>@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
>@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
>IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
>Someone could be eavesdropping on you right now
>(man-in-the-middle attack)!
>It is also possible that the RSA host key has just
>been changed.
>The fingerprint for the RSA key sent by the remote
>host is
>23:52:d4:e8:6a:75:72:ed:78:cb:31:1f:6a:ff:b4:ea.
>Please contact your system administrator.
>Add correct host key in /root/.ssh/known_hosts to get
>rid of this message.
>Offending key in /root/.ssh/known_hosts:7
>RSA host key for 192.168.0.1 has changed and you have
>requested strict checking.
>Host key verification failed.

What is causing your problem is that you (probably) have

         StrictHostKeyChecking Yes

in your ssh **client's** config file (/etc/ssh/ssh_config for systemwide 
settings,  $HOME/.ssh/config for user-specific setting). Change this 
setting to

         StrictHostKeyChecking Ask

and ssh will ask you if you want to update the key when it sees this sort 
of thing, which occurred either because you reinstalled sshd on the host in 
question (thereby generating a new server key in 
/etc/ssh/ssh_host_rsa_key), or you replaced the host at that hostname, 
FQDN, or IP address (whichever way you attempted to connect to it ... 
probably IP address, since the message refers to 192.168.0.1).
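
Added example (not from the thread): the targeted delete that Chuck and Ray describe, done by exact name match so that only the entry for 192.168.0.1 goes and every other pinned host key stays, unlike 'rm known_hosts'. The helper names kh_sample, kh_filter, kh_offending and kh_remove and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example. kh_sample, kh_filter, kh_offending and kh_remove are
# hypothetical helper names; the known_hosts content below is constructed.

# Write a constructed known_hosts (placeholder keys), stale entry on line 7.
kh_sample() {  # usage: kh_sample FILE
    cat > "$1" <<'EOF'
# constructed sample, not real keys
192.168.10.57 ssh-rsa AAAAB3NzaC1yc2E-constructed-1
192.168.0.10 ssh-rsa AAAAB3NzaC1yc2E-constructed-2
192.168.0.100 ssh-rsa AAAAB3NzaC1yc2E-constructed-3
mail.example.test ssh-rsa AAAAB3NzaC1yc2E-constructed-4
|1|Y29uc3RydWN0ZWQ=|Y29uc3RydWN0ZWQ= ssh-rsa AAAAB3NzaC1yc2E-constructed-5
gateway,192.168.0.1 ssh-rsa AAAAB3NzaC1yc2E-constructed-old
EOF
}

# Core filter. MODE=list prints the line numbers of entries naming HOST;
# MODE=drop prints the file without those entries.
# Names are compared exactly, so 192.168.0.1 does not match 192.168.0.10.
# Hashed names (|1|salt|hash) cannot be matched this way and are left alone.
kh_filter() {  # usage: kh_filter MODE FILE HOST
    awk -v mode="$1" -v host="$3" '
        /^[ \t]*(#|$)/ { if (mode == "drop") print; next }   # comments, blanks
        {
            # An optional @cert-authority / @revoked marker precedes the names.
            names = ($1 ~ /^@/) ? $2 : $1
            hit = 0
            n = split(names, a, ",")
            for (i = 1; i <= n; i++)
                if ((a[i] "") == host) hit = 1   # "" forces string comparison
            if (mode == "list" && hit) print NR
            if (mode == "drop" && !hit) print
        }' "$2"
}

# Same line number that ssh reports as "Offending key in ...known_hosts:N".
kh_offending() {  # usage: kh_offending FILE HOST
    kh_filter list "$1" "$2"
}

# Remove only HOST's entries; keep a backup in FILE.old and replace FILE
# through a temporary file in the same directory.
kh_remove() {  # usage: kh_remove FILE HOST
    cp -p "$1" "$1.old" || return 1
    tmp=$(mktemp "$1.XXXXXX") || return 1
    kh_filter drop "$1" "$2" > "$tmp" && mv "$tmp" "$1"
}
```

OpenSSH's 'ssh-keygen -R 192.168.0.1' performs the same removal and also handles hashed names. Before answering 'yes' to the new key, compare the fingerprint in the warning with the one the server's administrator reports for its host key.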



* RE: SOLVED: Some users locked out of ssh and sftp?
  2005-03-15 16:02   ` Ray Olszewski
@ 2005-03-15 16:14     ` Eve Atley
  0 siblings, 0 replies; 9+ messages in thread
From: Eve Atley @ 2005-03-15 16:14 UTC (permalink / raw)
  To: 'Ray Olszewski', linux-newbie


It's not me! :)

- Eve



* RE: SOLVED: Some users locked out of ssh and sftp?
  2005-03-15  0:06   ` Ray Olszewski
@ 2005-03-15 16:16     ` Eve Atley
  0 siblings, 0 replies; 9+ messages in thread
From: Eve Atley @ 2005-03-15 16:16 UTC (permalink / raw)
  To: 'Ray Olszewski', linux-newbie


>I don't know what "user account is locked" means, possibly because I don't
>know the context in which you got that message.

In the RedHat User Manager, you can choose the Properties of each user and
edit things like what shell they use, change password, enable/disable
account expiration. Also included is a simple checkbox: "User account is
locked." On a whim, I unchecked this and things started working for me.

Which seems somehow too simple...

- Eve



* Re: SOLVED: Some users locked out of ssh and sftp?
@ 2005-03-16  2:13 Donald Duckie
  0 siblings, 0 replies; 9+ messages in thread
From: Donald Duckie @ 2005-03-16  2:13 UTC (permalink / raw)
  To: linux-newbie

hi chuck,

thanks for your information.
i was quite hesitant to delete that line, that was
why i wanted some confirmation.
it is already ok now.

this is not eve.
sorry eve :)
it just happened that i had the same problem at that
moment, and while taking a break, i happened to read
this thread. that was why i asked as to how i would
modify the known_hosts file.

donald

